More mobe malware creeps into Google Play – this time, ransomware

Charger seeks to drain bank accounts of unlucky 'droids

Researchers say a piece of ransomware disguised as a battery app made its way into the Play store.

Check Point says one of its customers contracted the malware app, dubbed "Charger," after installing what they thought was a battery monitoring tool called EnergyRescue.

Researchers with Check Point Mobile Threat Prevention say the malware activates when EnergyRescue runs, and requires admin access to the device.

Once that permission is granted, the malware checks for location (it does not attack phones in the Ukraine, Belarus, or Russia), then swipes all user contacts and SMS messages and locks down the device.

From there, the user is told that they must pay to deactivate the ransomware or they will have their full details spaffed out for various nefarious activities, including bank fraud and spam.

"You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes," the ransomware tells users.

Not ones to be unprofessional, the Charger operators attempt to reassure their victims by offering a "100% guarantee" that once the 0.2 Bitcoin ransom (currently around $183) is paid, all the collected information will be deleted and the device unlocked.

"The ransom demand for 0.2 Bitcoins is a much higher ransom demand than has been seen in mobile ransomware so far," note Check Point mobile security analysts Oren Koriat and Andrey Polkovnichenko. "By comparison, the DataLust ransomware demanded merely $15."

Check Point says that thus far it has not spotted any payments being registered to the Bitcoin address used for the ransom collection, so it is unclear how much, if anything, has been made from this operation. The security house says it has already reported the incident to Google and had the infected app taken down.

"We appreciate Checkpoint's efforts to raise awareness about this issue," a Google spokesbod told El Reg. "We've taken the appropriate actions in Play, and will continue to work closely with the research community to help keep Android users safe."

It is unclear exactly how the malware got into the Play Store. In the past, Android malware devs have managed to slip past Google's checks by wrapping themselves within the install packages of otherwise legitimate apps, such as games or utilities.

Earlier this week, Check Point also spotted a software nasty dubbed HummingWhale in apps available via Google Play. ®